Staff MemberManagerAdminKoala+

I'm sure you've all seen the new feature of Two Factor Authentication, or 2fa. I'll be explaining why we have it and how to use it, as well as an FAQ.

Why do we have Two Factor Authentication?
It's pretty simple - if your account gets hacked, there will be an extra layer of protection securing your in-game stats and items. Staff are required to use 2fa; this is so that players won't be wrongfully muted or banned if a staff account was hacked.

How do I use the /2fa command?
The default security code is: 999
When you log in, use /2fa 999
Then, use /2faset <your chosen numeric password>
It's recommended to use at least three numbers for your 2fa code.
You should now be able to log in and verify with your /2fa password. When logging on in the future, simply use /2fa <numeric password>.

If you want to enable or disable your 2fa, use /aaenable or /aadisable.

FAQ

What does getting banned for "too many 2fa attempts" mean?
This means that you've attempted to enter an incorrect 2fa too many times. If this happens, contact an admin.

What if I forget my 2fa?
If you forget your 2fa password, message @Dylan Keir or I and we'll sort it from there.

Do I need to use a 2fa?
No, you do not unless you are a staff member. However, we recommend it.

Someone figured out my 2fa! Help!
Make sure not to tell anyone under admin your 2fa. However, if someone knows your 2fa, contact Dylan or I and we'll reset it.How do I disable and enable my 2fa?
Disable your 2fa with /aadisable. Enable it with /aaenable.

Anything you think should be added to the FAQ? Tag me in a comment below and I'll add it.

@Evergreen I'm not sure if this is just for me but when I typed in /2fa 999 it didn't tell me I logged in and was ready to make my 2fa code maybe we can have it say "2fa ready for code" or something simple like that just to let people know that they can enter their code in

Good idea, but a huge red flag went off in my head when you said "default password is:", because then would-be attackers have an even more thorough way to penetrate someone's account. They could immediately change the password after using the default, locking the account's owner out of their account forever. Please make it mandatory when you login that you set a password, otherwise people's accounts may be even more vulnerable.

Good idea, but a huge red flag went off in my head when you said "default password is:", because then would-be attackers have an even more thorough way to penetrate someone's account. They could immediately change the password after using the default, locking the account's owner out of their account forever. Please make it mandatory when you login that you set a password, otherwise people's accounts may be even more vulnerable.